r6800: A big GENSEC update:

Finally remove the distinction between 'krb5' and 'ms_krb5'.  We now
don't do kerberos stuff twice on failure.  The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process.  All modules have been updated to supply a
NULL-terminated list of OIDs.

In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.

Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.

The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line.  It will soon loose the
requirement for a on-disk keytab too.

The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.

Andrew Bartlett
(This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)

1 files changed, 6 insertions, 1 deletions

diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 268881e4ba..be6731abfa 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -54,7 +54,7 @@ struct gensec_security_ops {
 	const char *name;
 	const char *sasl_name;
 	uint8_t auth_type;  /* 0 if not offered on DCE-RPC */
-	const char *oid;  /* NULL if not offered by SPNEGO */
+	const char **oid;  /* NULL if not offered by SPNEGO */
 	NTSTATUS (*client_start)(struct gensec_security *gensec_security);
 	NTSTATUS (*server_start)(struct gensec_security *gensec_security);
 	NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
@@ -92,6 +92,11 @@ struct gensec_security_ops {
 	BOOL enabled;
 };
 	
+struct gensec_security_ops_wrapper {
+	const struct gensec_security_ops *op;
+	const char *oid;
+};
+
 #define GENSEC_INTERFACE_VERSION 0
 
 struct gensec_security {